Scaleable and Open Framework for Human and Digital Trust between Informal and Formal Infrastructures in Personal Health Care
Lead Research Organisation: Edinburgh Napier University
Department Name: Computing
Abstract
As with any safety-critical industry, there is a strong requirement for trust in the capture, storage and consumption of health care data. Errors in any part of this process can reduce human trust in the infrastructure. Unfortunately, many systems do not radiate the rights of access to data throughout the complete infrastructure, and thus there can often be weaknesses in the transfer of rights to access between systems. Another issue in health care relates to the integration of the access rights between differing domains, such as for the formal health care infrastructure, and the informal carer infrastructure. While there can often be well-defined roles for access to data within a formal infrastructure, very little exists for informal care. The key aim of this project is to create a completely integrated infrastructure, where identity and role are used to define the rights to data capture and storage, and on to the consumption of the services that are exposed to differing domains, which are strictly consumed using an integrated security policy. Figure 1 outlines the infrastructure (see attachments), where data is captured from the patient environment, and marked up with the required context (such as the patient ID, capturer ID, location, device type, captured units, and so on). This context information allows the data to be used in many different ways, such as tracking a certain device around the health care environment, or to determine the blood pressure for a range of patients. This data is then stored in its original captured form within patient data buckets, using the encryption keys of the capture service and the patient. Access to the buckets is then carefully controlled by a security policy, and is exposed through carefully managed services, which require an identity ticket verifying the role and identity of the user consuming the service.
Figure 1 shows an example of an EWS (Early Warning Score), which aggregates a number of clinical assessments such as blood pressure and heart rate. The service then, if the user has the correct rights to access the service for the patient, delivers an abstraction of the interface, thus supporting a wide range of devices, and customising the user interface based on the rights of the user. The core infrastructure has high levels of security and trust, where a security policy controls every action, and there will be three well-defined, and open, interfaces to allow existing health care infrastructures to integrate with the e-Health Cloud. Once identity has been verified, using a federated trust infrastructure, a ticket is issued which verifies the identity, and is then used to access a service, based on their rights. The data is then carefully managed within a domain and no direct access can be made to it, apart from through carefully managed services. A SPoC (Single Point of Contact), as illustrated in Figure 2, is then used to control the flow of information between domains, using well-defined policies, and rights are based on role and identity. A key challenge will thus be in integrating existing infrastructures, such as HealthVault, with a new e-Health Cloud, while still preserving security rights. This will be achieved through a policy translation engine, which converts the enhanced policy definition into HealthVault.
A key element of the system is the integration of patient simulation agents that will mimic real-life clinical data, such as for heart rate and blood pressure, and which have defined patient profiles to provide likely changes in measured parameters. For example, this would simulate an increase in blood pressure at given times for a patient who has been modelled as being at risk of a cardiac arrest. This simulator will provide the data to test a large-scale infrastructure, with millions of simulated patients, and will also allow health care professionals and carers the opportunity to test the system and thus build up trust, using simulated patient profiles.
Planned Impact
Impact 1: Measurable improvement in human trust levels
The usage of simulated patient data aims to increase human trust, and an impact will be shown with a series of experiments on the perception of the system as opposed to other existing systems. Overall, the project aims to engage a wide range of related health care professionals and carers, using the infrastructure for simulated patient conditions, which can be defined and used with different patient models, for which they can then use the services to monitor important clinical conditions.
Impact 2: Measurable improvement in digital trust levels
The usage of detection agents focusing on clinical risks, machine/data capture misconfiguration risks and security risks aims to provide high levels of trust through a range of black box testing on a range of perceived clinical and computer security risks. The patented Digital DNA technology provides levels of probability relating to defined behaviour of any computer event, and will be used as an integrated detection method for both events within the cloud, and on data capture devices. This will have an impact in showing that the system can proactively detect a range of events, such as for predefined clinical events and computer security alerts.
Impact 3: Improved diagnosis for patients, and better information sharing
The infrastructure provides a wide range of benefits for the general public, especially as everything is based on a single policy entity for a domain (such as for secondary health care), and then one for each interdomain access (such as between social care and health care). Thus, for health care, there should be improvements in health care research, and in the diagnosis within a clinical context. Along with this, there are many problems caused by a lack of information sharing between public sector authorities, and the interdomain policies will support improved communications and help the public sector to respond more accurately and faster to risks.
Impact 4: Opportunity to define health care policy in a machine ready format
As the infrastructure uses a single machine ready policy for all the information transfers, it could be used to define a single policy for the whole of the health care industry in the UK (and can then be customised on a local level).
Impact 5: Novel patient simulation models within clinical practice
The patient models will be built using both computer modelling methods and clinical expertise. All the data produced will be used to fill the patient data buckets, and then be used to provide the services. The evaluation aims to show that there is a measurable improvement in patient diagnosis based on improvements in the context of the data. Clinicians will thus be shown a range of patient cases, with the traditional case notes, and with the cloud-provided infrastructure, and the two will be compared for their success in diagnosing patients.
Impact 6: Integration of novel anomaly detection for clinical and security risks
This will define a new model to classify patient alerts in terms of clinical and security risks, including the novel usage of the patented Digital DNA technology, which has been developed by the research team.
Impact 7: New data provision providers and new subscribers to health care services
The interfaces in the provision of data capture in the health care environment, and on providing access to servers, will be carefully managed, and will allow new products to be created from a wide range of collaborators. The interfaces to these will be published through a range of Web Services, and companies will integrate using easy to access calls to these. (See Pathway to Impact document for the other impact factors.)
Publications
Ekonomou E (2011) An Integrated Cloud-based Healthcare Infrastructure
Fan L (2011) DACAR Platform for eHealth Services Cloud
Lo O (2012) Technical evaluation of an e-Health platform, in Proceedings of the IADIS International Conference e-Health 2012, EH 2012, Part of the IADIS Multi Conference on Computer Science and Information Systems 2012, MCCSIS 2012
Thuemmler C (2013) Norms and standards in modular medical architectures
Van Deursen N (2013) Monitoring information security risks within health care, in Computers & Security
Description | New models for trust, governance and consent |
Exploitation Route | Development of new models for information sharing |
Sectors | Digital/Communication/Information Technologies (including Software), Education, Energy, Financial Services, and Management Consultancy, Healthcare, Security and Diplomacy |
URL | http://www.symphonicsoft.com/ |
Description | The work has progressed to a large-scale integration of health and social care organisations across London, with over 7000 agencies sharing information. Along with this, the work has led to the creation of The Cyber Academy (thecyberacademy.org), and has resulted in a range of other funded work. It has led to a number of peer-reviewed journal articles. It has now led to a high-impact start-up company (Symphonic) and a resultant patent. We also have a new grant which aims to build a trust architecture for health and social care (£150K). |
First Year Of Impact | 2015 |
Sector | Education, Financial Services, and Management Consultancy, Healthcare, Security and Diplomacy |
Impact Types | Societal, Economic |
Description | Proof of Concept Scheme |
Amount | £320,000 (GBP) |
Organisation | Scottish Enterprise |
Sector | Public |
Country | United Kingdom |
Start | 01/2012 |
End | 01/2014 |
Description | DHI Grant in e-Frailty |
Organisation | Care Monitoring 2000 Limited |
Country | United Kingdom |
Sector | Private |
PI Contribution | Collaboration with CM2000 on e-Frailty work. |
Collaborator Contribution | Collaboration in roll-out of e-Frailty system. |
Impact | Roll-out to NHS and Scottish Councils |
Start Year | 2014 |
Title | Trust and Governance |
Description | Trust and Governance Framework |
Type Of Technology | Software |
Year Produced | 2014 |
Impact | Significant commercialisation. |
Company Name | Symphonic |
Description | Symphonic has developed software through which public and private sector organisations can share documents, grant and deny access to information as required, and keep an audit trail of data access. |
Year Established | 2012 |
Impact | Major contract in London for health and social care integration |
Website | http://www.pingidentity.com |